As the popularity of social media continues to increase, so do the security and privacy risks that we face. In this article, we have identified some common considerations and best practices for your consideration.

Introduction. It seems that social media is everywhere. Traditional media outlets have begun incorporating it as an extension of their brand and building community to gather feedback from audiences, asking them to “send in your thoughts via Twitter” or other services. Parents are connecting with children, friends and family via Facebook. Social media sites are among the most popular Internet destinations. As the popularity of social media continues to increase, so do the security and privacy risks that we face. We have identified some common considerations and best practices in this newsletter. There is also a great deal more information available to explore on this subject. It is important to protect yourself and your employer by staying up to date on new security threats and trends.

Social Media Safety Tips and Best Practices

It’s public. Be cautious. Assume that all websites are potentially public or may be compromised. Only post information you are comfortable with anyone seeing. Limit the amount of personal information that you share with websites and online services. This approach should be considered for ALL websites, not just social networks. For example, do not post information that would make you vulnerable including your physical address, your schedule, or details of your typical routine. If online “friends” and connections post information about you, take time to review it closely to ensure that the combined information is not more than you would be comfortable sharing with a public audience. Equally, be considerate when posting any detailed information or photos of your connections online.

Evaluate settings and options. Most social media services provide a depth of customizable privacy settings and usability options. Unfortunately, few users really take the time to research them and how to make the tools work best for them. Default settings often leave a great deal of shared user information public and accessible by anyone. By changing a few settings, users can often restrict access and target how and with whom they want information shared. Reflecting back on our earlier recommendation, it is still wise to assume that all websites are potentially public or able to be compromised. Private information could be exposed by changes in settings or privacy policy. Do not share any information or post any content that you wouldn’t want publicly accessible. Some sites may share specified user information, email addresses and profile preferences for example, with other third-party organizations. This sharing of information may lead to an increase in spam email. Review services’ privacy and sharing settings so that you do not unintentionally sign up for unsolicited messages.

What you don’t know can hurt you. Many online users do not realize that electronic files may contain a depth of information about their creation and distribution. For example, files may embed the author’s name or system username (login), version, operating system, location, revision dates/times, etc. How can this embedded information impact your safety? Your photograph was taken and posted to a social media website. Was the photograph taken with a mobile phone or smart device? If so, it may well also include geolocation information which indicates very specifically when and where it was taken. Sometimes valuable, geolocation information can also unknowingly communicate where you live, common habits and destinations. Though you may not have revealed directly that you were out of town on business, this information has been communicated unknowingly. Fortunately, many of the most popular social networks provide settings which can disable geolocation data from being automatically applied to posts. Reflecting back on our prior recommendation, users should take the time to dig deeply into the settings and options of services that they use to enhance security and usefulness of the tool.

It never really goes away. Once you post something online through social media, you cannot fully erase it from history. Yes, you may be able to delete it and therefore remove it from public display but it is often archived somewhere within the service databases or through a third party. Ultimately, this means that the actions and content presented through your online profiles and communication tools potentially never go away. It is increasingly important for online users to fully consider the weight and potential ramifications of their interaction.

Don’t take candy from strangers. The perceived anonymity of the Internet makes it easier for people to misrepresent their identities and motives. Has a Nigerian prince contacted you recently about a large financial transaction? Has someone that you just met online requested to meet you in person? Did a bank recently email you asking for your account number and password? Spammers, scammers and thieves are seeking online users to manipulate. If you interact with people that you do not know, be cautious about the amount of information you reveal about yourself. Often services provide settings that may limit who is able to contact you through these sites. Furthermore, be skeptical and don’t believe everything that you read or are presented with online. False or misleading information abounds online and it is important to take appropriate steps to verify the authenticity and validity of information before taking any action. Does the information that you’re being provided come from a credible source?

Treat third-party solutions with caution. Third-party solutions, applications and games for example, may provide entertainment or enhanced functionality to social media sites. Unfortunately, sharing between social networking sites and third-party solutions has been one of the primary sources of privacy violations on social networks. Third-party applications often require additional access to personal information or account settings. These add-on applications are not inherently bad if developed by a credible company that is partnered with or authorized by the host service. Use caution when choosing and enabling applications. Avoid applications that seem suspicious or attempt to modify your account settings.

Login and logoff. As is true with all online services, the login is the gateway to your information. Protect your accounts by using strong passwords that cannot easily be guessed. Whenever possible, use eight or more characters in your password. Also use a variety of characters in your password including numbers, symbols, capital and lower-case letters. Do not use the same password for everything as a cybercriminal may try your password on other sites. Keep your passwords fresh by changing them every three months. Also, it is very important that you log off of your account when done. Especially in labs or on shared computers, another user could access the computer after you and have access to your profiles if you did not log off. If your account is compromised (hacked), the user who has access to your account is, for all technological purposes, you. Report any problems with your account or identity theft immediately. An online hacker acting as you in a social network is a threat to your personal/professional identity and the security of your contacts.

Attribution. Please note that some aspects of this blog article were derived from the U.S. Department of Homeland Security’s “Cyber Security Tip ST06-003” document. Here, I have further expanded upon some of the base information from DHS with my own thoughts, experiences, practical applications and best practices. I hope that readers have found this useful and I welcome your comments.